1*00b67f09SDavid van Moolenbroek#!/bin/sh 2*00b67f09SDavid van Moolenbroek# 3*00b67f09SDavid van Moolenbroek# Copyright (C) 2014, 2015 Internet Systems Consortium, Inc. ("ISC") 4*00b67f09SDavid van Moolenbroek# 5*00b67f09SDavid van Moolenbroek# Permission to use, copy, modify, and/or distribute this software for any 6*00b67f09SDavid van Moolenbroek# purpose with or without fee is hereby granted, provided that the above 7*00b67f09SDavid van Moolenbroek# copyright notice and this permission notice appear in all copies. 8*00b67f09SDavid van Moolenbroek# 9*00b67f09SDavid van Moolenbroek# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10*00b67f09SDavid van Moolenbroek# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11*00b67f09SDavid van Moolenbroek# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12*00b67f09SDavid van Moolenbroek# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13*00b67f09SDavid van Moolenbroek# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14*00b67f09SDavid van Moolenbroek# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15*00b67f09SDavid van Moolenbroek# PERFORMANCE OF THIS SOFTWARE. 16*00b67f09SDavid van Moolenbroek 17*00b67f09SDavid van Moolenbroek# Id 18*00b67f09SDavid van Moolenbroek 19*00b67f09SDavid van MoolenbroekSYSTEMTESTTOP=.. 20*00b67f09SDavid van Moolenbroek. $SYSTEMTESTTOP/conf.sh 21*00b67f09SDavid van Moolenbroek 22*00b67f09SDavid van Moolenbroekstatus=0 23*00b67f09SDavid van Moolenbroekn=0 24*00b67f09SDavid van Moolenbroek 25*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 26*00b67f09SDavid van Moolenbroekecho "I:checking drop edns server setup ($n)" 27*00b67f09SDavid van Moolenbroekret=0 28*00b67f09SDavid van Moolenbroek$DIG +edns @10.53.0.2 -p 5300 dropedns soa > dig.out.1.test$n 29*00b67f09SDavid van Moolenbroekgrep "connection timed out; no servers could be reached" dig.out.1.test$n > /dev/null || ret=1 30*00b67f09SDavid van Moolenbroek$DIG +noedns @10.53.0.2 -p 5300 dropedns soa > dig.out.2.test$n || ret=1 31*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 32*00b67f09SDavid van Moolenbroekgrep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1 33*00b67f09SDavid van Moolenbroek$DIG +noedns +tcp @10.53.0.2 -p 5300 dropedns soa > dig.out.3.test$n || ret=1 34*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.3.test$n > /dev/null || ret=1 35*00b67f09SDavid van Moolenbroekgrep "EDNS: version:" dig.out.3.test$n > /dev/null && ret=1 36*00b67f09SDavid van Moolenbroek$DIG +edns +tcp @10.53.0.2 -p 5300 dropedns soa > dig.out.4.test$n 37*00b67f09SDavid van Moolenbroekgrep "connection timed out; no servers could be reached" dig.out.4.test$n > /dev/null || ret=1 38*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 39*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 40*00b67f09SDavid van Moolenbroek 41*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 42*00b67f09SDavid van Moolenbroekecho "I:checking recursive lookup to drop edns server succeeds ($n)" 43*00b67f09SDavid van Moolenbroekret=0 44*00b67f09SDavid van Moolenbroek$DIG +tcp @10.53.0.1 -p 5300 dropedns soa > dig.out.test$n || ret=1 45*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 46*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 47*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 48*00b67f09SDavid van Moolenbroek 49*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 50*00b67f09SDavid van Moolenbroekecho "I:checking drop edns + no tcp server setup ($n)" 51*00b67f09SDavid van Moolenbroekret=0 52*00b67f09SDavid van Moolenbroek$DIG +edns @10.53.0.3 -p 5300 dropedns-notcp soa > dig.out.1.test$n 53*00b67f09SDavid van Moolenbroekgrep "connection timed out; no servers could be reached" dig.out.1.test$n > /dev/null || ret=1 54*00b67f09SDavid van Moolenbroek$DIG +noedns +tcp @10.53.0.3 -p 5300 dropedns-notcp soa > dig.out.2.test$n 55*00b67f09SDavid van Moolenbroekgrep "connection timed out; no servers could be reached" dig.out.2.test$n > /dev/null 56*00b67f09SDavid van Moolenbroek$DIG +noedns @10.53.0.3 -p 5300 dropedns-notcp soa > dig.out.3.test$n || ret=1 57*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.3.test$n > /dev/null || ret=1 58*00b67f09SDavid van Moolenbroekgrep "EDNS: version:" dig.out.3.test$n > /dev/null && ret=1 59*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 60*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 61*00b67f09SDavid van Moolenbroek 62*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 63*00b67f09SDavid van Moolenbroekecho "I:checking recursive lookup to drop edns + no tcp server succeeds ($n)" 64*00b67f09SDavid van Moolenbroekret=0 65*00b67f09SDavid van Moolenbroek$DIG +tcp @10.53.0.1 -p 5300 dropedns-notcp soa > dig.out.test$n || ret=1 66*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 67*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 68*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 69*00b67f09SDavid van Moolenbroek 70*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 71*00b67f09SDavid van Moolenbroekecho "I:checking plain dns server setup ($n)" 72*00b67f09SDavid van Moolenbroekret=0 73*00b67f09SDavid van Moolenbroek$DIG +edns @10.53.0.4 -p 5300 plain soa > dig.out.1.test$n || ret=1 74*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 75*00b67f09SDavid van Moolenbroekgrep "EDNS: version:" dig.out.1.test$n > /dev/null && ret=1 76*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 77*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 78*00b67f09SDavid van Moolenbroek 79*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 80*00b67f09SDavid van Moolenbroekecho "I:checking recursive lookup to plain dns server succeeds ($n)" 81*00b67f09SDavid van Moolenbroekret=0 82*00b67f09SDavid van Moolenbroek$DIG +tcp @10.53.0.1 -p 5300 plain soa > dig.out.test$n || ret=1 83*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 84*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 85*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 86*00b67f09SDavid van Moolenbroek 87*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 88*00b67f09SDavid van Moolenbroekecho "I:checking plain dns + no tcp server setup ($n)" 89*00b67f09SDavid van Moolenbroekret=0 90*00b67f09SDavid van Moolenbroek$DIG +edns @10.53.0.5 -p 5300 plain-notcp soa > dig.out.1.test$n || ret=1 91*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 92*00b67f09SDavid van Moolenbroekgrep "EDNS: version:" dig.out.1.test$n > /dev/null && ret=1 93*00b67f09SDavid van Moolenbroek$DIG +edns +tcp @10.53.0.5 -p 5300 plain-notcp soa > dig.out.2.test$n 94*00b67f09SDavid van Moolenbroekgrep "connection timed out; no servers could be reached" dig.out.2.test$n > /dev/null 95*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 96*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 97*00b67f09SDavid van Moolenbroek 98*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 99*00b67f09SDavid van Moolenbroekecho "I:checking recursive lookup to plain dns + no tcp server succeeds ($n)" 100*00b67f09SDavid van Moolenbroekret=0 101*00b67f09SDavid van Moolenbroek$DIG +tcp @10.53.0.1 -p 5300 plain-notcp soa > dig.out.test$n || ret=1 102*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 103*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 104*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 105*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 106*00b67f09SDavid van Moolenbroek 107*00b67f09SDavid van Moolenbroekecho "I:checking edns 512 server setup ($n)" 108*00b67f09SDavid van Moolenbroekret=0 109*00b67f09SDavid van Moolenbroek$DIG +edns @10.53.0.6 -p 5300 edns512 soa > dig.out.1.test$n || ret=1 110*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 111*00b67f09SDavid van Moolenbroek$DIG +edns +tcp @10.53.0.6 -p 5300 edns512 soa > dig.out.2.test$n || ret=1 112*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 113*00b67f09SDavid van Moolenbroek$DIG +edns @10.53.0.6 -p 5300 txt500.edns512 txt > dig.out.3.test$n 114*00b67f09SDavid van Moolenbroekgrep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null 115*00b67f09SDavid van Moolenbroek$DIG +edns +bufsize=512 +ignor @10.53.0.6 -p 5300 txt500.edns512 txt > dig.out.4.test$n 116*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 117*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 118*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 119*00b67f09SDavid van Moolenbroek 120*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 121*00b67f09SDavid van Moolenbroekecho "I:checking recursive lookup to edns 512 server succeeds ($n)" 122*00b67f09SDavid van Moolenbroekret=0 123*00b67f09SDavid van Moolenbroek$DIG +tcp @10.53.0.1 -p 5300 txt500.edns512 txt > dig.out.test$n || ret=1 124*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 125*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 126*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 127*00b67f09SDavid van Moolenbroek 128*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 129*00b67f09SDavid van Moolenbroekecho "I:checking edns 512 + no tcp server setup ($n)" 130*00b67f09SDavid van Moolenbroekret=0 131*00b67f09SDavid van Moolenbroek$DIG +noedns @10.53.0.7 -p 5300 edns512-notcp soa > dig.out.1.test$n || ret=1 132*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 133*00b67f09SDavid van Moolenbroek$DIG +noedns +tcp @10.53.0.7 -p 5300 edns512-notcp soa > dig.out.2.test$n 134*00b67f09SDavid van Moolenbroekgrep "connection timed out; no servers could be reached" dig.out.2.test$n > /dev/null 135*00b67f09SDavid van Moolenbroek$DIG +edns @10.53.0.7 -p 5300 edns512-notcp soa > dig.out.3.test$n 136*00b67f09SDavid van Moolenbroekgrep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null 137*00b67f09SDavid van Moolenbroek$DIG +edns +bufsize=512 +ignor @10.53.0.7 -p 5300 edns512-notcp soa > dig.out.4.test$n 138*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 139*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 140*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 141*00b67f09SDavid van Moolenbroek 142*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 143*00b67f09SDavid van Moolenbroekecho "I:checking recursive lookup to edns 512 + no tcp server succeeds ($n)" 144*00b67f09SDavid van Moolenbroekret=0 145*00b67f09SDavid van Moolenbroek$DIG +tcp @10.53.0.1 -p 5300 edns512-notcp soa > dig.out.test$n || ret=1 146*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 147*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 148*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 149*00b67f09SDavid van Moolenbroek 150*00b67f09SDavid van Moolenbroekif $SHELL ../testcrypto.sh > /dev/null 2>&1 151*00b67f09SDavid van Moolenbroekthen 152*00b67f09SDavid van Moolenbroek $PERL $SYSTEMTESTTOP/stop.pl . ns1 153*00b67f09SDavid van Moolenbroek 154*00b67f09SDavid van Moolenbroek cp -f ns1/named2.conf ns1/named.conf 155*00b67f09SDavid van Moolenbroek 156*00b67f09SDavid van Moolenbroek $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns1 157*00b67f09SDavid van Moolenbroek 158*00b67f09SDavid van Moolenbroek n=`expr $n + 1` 159*00b67f09SDavid van Moolenbroek echo "I:checking recursive lookup to edns 512 + no tcp + trust anchor fails ($n)" 160*00b67f09SDavid van Moolenbroek ret=0 161*00b67f09SDavid van Moolenbroek $DIG +tcp @10.53.0.1 -p 5300 edns512-notcp soa > dig.out.test$n 162*00b67f09SDavid van Moolenbroek grep "status: SERVFAIL" dig.out.test$n > /dev/null || 163*00b67f09SDavid van Moolenbroek grep "connection timed out;" dig.out.test$n > /dev/null || ret=1 164*00b67f09SDavid van Moolenbroek if [ $ret != 0 ]; then echo "I:failed"; fi 165*00b67f09SDavid van Moolenbroek status=`expr $status + $ret` 166*00b67f09SDavid van Moolenbroekelse 167*00b67f09SDavid van Moolenbroek echo "I:skipping checking recursive lookup to edns 512 + no tcp + trust anchor fails as crypto not enabled" 168*00b67f09SDavid van Moolenbroekfi 169*00b67f09SDavid van Moolenbroek 170*00b67f09SDavid van Moolenbroek 171*00b67f09SDavid van Moolenbroekecho "I:exit status: $status" 172*00b67f09SDavid van Moolenbroekexit $status 173